Comment 7 for bug 1589693
Revision history for this message
| Jonathan Kamens (jik) wrote Re: Make Launchpad DMARC Compliant to avoid Launchpad mail considered spam | #7 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
f33e652
(Get the code!)
I just started running opendmarc on my mail server, and it informed me this evening that an email message received from LaunchPad failed DMARC. The message came from `<email address hidden>`, so it's Canonical's own domain that is failing DMARC in this case, because although the domain has a DMARC record, it doesn't have an SPF record and launchPad doesn't do DKIM signatures.
Regarding the other issue discussed above, i.e., LaunchPad putting commenters' email addresses in the From: line of the message, this is clearly wrong given the status quo of email security. While I suppose someone could have reasonably claimed otherwise two and a half years ago, that ship has sailed. You can't be generating email messages that violate other domains' DMARC policies, period.
Both of these issues really need to be fixed.